# This is supposed to be used with:
#     tooling/bin/find_codeowners tooling/config/CODEOWNERS.yml
# And paste the contents into .gitlab/CODEOWNERS

'[Authentication and Authorization]':
  '@gitlab-org/manage/authentication-and-authorization/approvers':
    allow:
      keywords:
        - 'password'
        - 'auth'
        - 'token'
      patterns:
        - '/{,ee/}app/**/*%{keyword}*{,/**/*}'
        - '/{,ee/}config/**/*%{keyword}*{,/**/*}'
        - '/{,ee/}lib/**/*%{keyword}*{,/**/*}'
    deny:
      keywords:
        - '*author{,s}.*'
        - '*author{,s}_*'
        - '*authored*'
        - '*authoring*'
        - '*.png'
        - '*.svg'
        - '*deploy_token{,s}{*,/**/*}'
        - '*runner{,s}_token*'
        - '*job_token{,_scope}{*,/**/*}'
        - '*autocomplete_tokens*'
        - 'dast_site_token*'
        - 'reset_prometheus_token*'
        - 'reset_registration_token*'
        - 'runners_registration_token{*,/**/*}'
        - 'terraform_registry_token*'
        - 'filtered_search{_bar,}/'
        - 'alert_management/'
        - 'analytics/'
        - 'bitbucket/'
        - 'clusters/'
        - 'clusters_list/'
        - 'dast/'
        - 'dast_profiles/'
        - 'dast_site_tokens/'
        - 'dast_site_validation/'
        - 'dependency_proxy/'
        - 'error_tracking/'
        - 'google_api/'
        - 'google_cloud/'
        - 'jira_connect/'
        - 'kubernetes/'
        - 'protected_environments/'
        - '/config/feature_flags/**/*'
        - '/config/metrics/'
        - '/app/controllers/groups/dependency_proxy_auth_controller.rb'
        - '/app/finders/ci/auth_job_finder.rb'
        - '/ee/config/metrics/'
        - '/lib/gitlab/conan_token.rb'
        - 'token_access/'
        - 'pipelines/'
        - 'ci/runner/'
        - 'config/events/'
        - 'config/audit_events/'
        - 'runner_token_expiration/'
        - '*metadata_id_tokens*'
        - '/app/assets/javascripts/invite_members/'
      patterns:
        - '%{keyword}'

'[Compliance]':
  '@gitlab-org/govern/compliance':
    entries:
      - '/ee/app/services/audit_events/build_service.rb'
      - '/ee/spec/services/audit_events/custom_audit_event_service_spec.rb'
    allow:
      keywords:
        - audit
      patterns:
        - '/{,ee/}app/**/*%{keyword}*'
        - '/{,ee/}config/**/*%{keyword}*'
        - '/{,ee/}lib/**/*%{keyword}*'
    deny:
      keywords:
        - '*.png'
        - '*bundler-audit*'
        - '**/merge_requests/**'
        - '/config/feature_flags/**/*'
        - '/ee/app/services/audit_events/**/*'
        - '/ee/spec/services/audit_events/**/*'
        - '/ee/spec/services/ci/*'
        - '/ee/spec/services/personal_access_tokens/*'
      patterns:
        - '%{keyword}'
